Organizations urged to patch for BlueKeep as latest malware charts are revealed
Check Point Research, has released its Global Threat Index for May 2019 and is warning organizations to check and patch for the BlueKeep Microsoft RDP flaw in Windows 7 and Windows Server 2008 machines, to prevent the risk of it being exploited for ransomware and cryptomining attacks.
BlueKeep affects nearly a million machines accessible to the public internet and many more within organizations' networks. The vulnerability is critical because it requires no user interaction in order to be exploited. RDP is already an established, popular attack vector which has been used to install ransomware.
"The biggest threat we've seen over the past month is BlueKeep. Even though no attacks have yet been seen exploiting it, several public proof-of-concept exploits have been developed," says Maya Horowitz, threat intelligence and research director at Check Point. "We agree with Microsoft and other cybersecurity industry observers that BlueKeep could be used to launch cyberattacks on the scale of 2017's massive WannaCry and NotPetya campaigns. One single computer with this flaw can be used to deliver a malicious payload that infects an entire network. Then all infected computers with Internet access can infect other vulnerable devices worldwide -- enabling the attack to spread exponentially, at an unstoppable pace. So it's critical that organizations protect themselves – and others – by patching the flaw now, before it’s too late."
The top three malware programs for May are all coin miner variants; Cryptoloot, which uses the victim’s CPU or GPU power and existing resources for crypto mining - adding transactions to the blockchain and releasing new currency; XMRig, an open-source CPU mining software used for the mining process of the Monero cryptocurrency; and JSEcoin, a JavaScript miner that can be embedded in websites.
The top three for mobile are; Lotoor, a hack tool that exploits vulnerabilities on Android operating systems in order to gain root privileges on compromised mobile devices; Hiddad, Android malware which repackages legitimate apps and then releases them to a third-party store and can gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data; and Triada, a modular Backdoor for Android which grants super user privileges to downloaded malware, as helps it to get embedded into system processes.
The most exploited vulnerabilities for May include some old favorites. SQL Injection tops the list, followed by Web Server Exposed Git Repository Information Disclosure, and OpenSSL TLS DTLS Heartbeat Information Disclosure.
The full report is available from the Check Point website.
Photo Credit: Rawpixel.com/Shutterstock